Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed April 10, 2007.

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed April 10, 2007, Claims 57-58, 63-64, 72-73, 81-82 and 90-95 
were pending in the Application. In the Office Action, Claims 57, 63, 72 and 81 were rejected under 35 
U.S.C. 103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, hereinafter 
Brownlie) in view of Rogers et al. (U.S. Patent No. 5,557,747, hereinafter Rogers) in view of Guedalia et 
al. (U.S. Patent No. 6,148,333, hereinafter Guedalia) and further in view of Archibald et al. (U.S. Patent 
No. 5,825,883, hereinafter Archibald). Claims 58, 64, 73 and 82 were rejected under 35 U.S.C. 103(a) as 
being unpatentable over the modified Brownlie, Rogers, Guedalia and Archibald system, and further in 
view of Luckenbaugh (U.S. Patent No. 5,991,887, hereinafter Luckenbaugh). Claims 91, 93 and 95 were 
rejected under 35 U.S.C. 103(a) as being unpatentable over the modified Brownlie, Rogers, Guedalia, 
Archibald and Luckenbaugh system as applied to claims 90, 92, and 94 above, and further in view of 
Balassanian (U.S. Patent No. 6,324,685, hereinafter Balassanian). Claims 57, 58, 63, 64, 72, 73, and 81 
and 82 were provisionally rejected on the ground of nonstatutory obviousness-type double patenting as 
being unpatentable over Claims 1, 6, 11, 16 and 21 of co-pending Application No. 11/171,104, in view of 
Guedalia. Claims 90, 92 and 94 were provisionally rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over Claims 1, 11, and 21 of copending Application No. 
11/171,104 in view of Guedalia, and Archibald as applied above and further in view of Luckenbaugh. 
Claims 91, 93, and 95 were provisionally rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over Claims 90, 92, and 94 of copending Application No. 11/171,104 in 
view of Guedalia, Archibald, and Luckenbaugh as applied above and further in view of Balassanian. 

II. Summary of Applicant's Amendment 

The present Response amends Claims 57, 63, 72 and 81, leaving for the Examiner's present 
consideration Claims 57, 58, 63, 64, 72, 73, 81, 82 and 90-95. Reconsideration of the Application, as 
amended, is respectfully requested. Applicant respectfully reserves the right to prosecute any originally 
presented or canceled claims in a continuing or future application. 

III. Claim Rejections under 35 U.S.C. § 103(a) 

In the Office Action mailed April 10, 2007, Claims 57, 63, 72 and 81 were rejected under 35 
U.S.C. 103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, hereinafter 
Brownlie) in view of Rogers et al. (U.S. Patent No. 5,557,747, hereinafter Rogers) in view of Guedalia et 
al. (U.S. Patent No. 6,148,333, hereinafter Guedalia) and further in view of Archibald et al. (U.S. Patent 
No. 5,825,883, hereinafter Archibald). Claims 58, 64, 73 and 82 were rejected under 35 U.S.C. 103(a) as 
being unpatentable over the modified Brownlie, Rogers, Guedalia and Archibald system, and further in 
view of Luckenbaugh (U.S. Patent No. 5,991,887, hereinafter Luckenbaugh). Claims 91, 93 and 95 were 
rejected under 35 U.S.C. 103(a) as being unpatentable over the modified Brownlie, Rogers, Guedalia, 
Archibald and Luckenbaugh system as applied to claims 90, 92, and 94 above, and further in view of 
Balassanian (U.S. Patent No. 6,324,685, hereinafter Balassanian). 

Claim 57 

Claim 57 has been amended to more clearly define the embodiment therein. As amended, Claim 
57 defines: 

57. A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager located on a server for: 

creating a local security policy derived from a global security policy, said 
global security policy including a plurality of rules applicable to all 
application guards in the system, wherein creating the local security 
policy includes selecting a subset of the plurality of rules of the global 
security policy, said subset being applicable to a specific application 
guard at a client; and for 

distributing the local security policy to said client wherein the local security 
policy includes the subset of rules customized to the client, said subset of 
rules including a set of grant rules that allow access to securable components 
and a set of deny rules that prevent access to said securable components; 
and 

an application guard located at the client for managing access by individual 
transactions to securable components at a client level as specified by the 
local security policy, the securable components including at least one 
application, wherein said application guard is integrated into said 
application and controls access to the application with which it is 
integrated; 

wherein the application guard receives an authorization request including a subject, 
an object and a privilege and evaluates said request by matching the subset of 
rules received from the policy manager to said subject, said object and said 
privilege in order to control access to said application integrated with the application 
guard. 

As amended, Claim 57 defines a method for controlling security to applications via distributed 
security policies. A local security policy is created by selecting a subset of rules from the global security 
policy, which are applicable to a specific application guard. That local security policy is then distributed 
to the application guard. The application guard is integrated into the application and controls access to the 
application with which it is integrated, based on the received policy. Thus, the application guard receives 
authorization requests and matches the subset of rules received from the policy manager to a subject, 
object and privilege in order to guard access to the application. 

An advantage of these features is that a specific local policy can be derived for each application 
guard on the network. Thus, specific applications can each have customized local security rules, while at 
the same time a global security policy is also enabled for centralized control, analysis and the like. This 
can be especially advantageous in distributed enterprise environments, with many different applications 
and client computers and complex and dynamic security. 

Claim 57 has been rejected as being obvious over Brownlie, Guedalia, Rogers and Archibald 
(hereinafter the cited references). However, Applicant respectfully submits that the cited references fail to 
disclose or render obvious the features of Claim 57, as amended. 

Upon closer inspection it will become apparent that none of the cited references disclose any 
local security policy or global security policy, where the local security policy is created by selecting a 
subset of rules from the global security policy. In the Office Action it was admitted that Brownlie fails to 
disclose this feature. Instead, Rogers was cited as teaching global and local policies in column 8, lines 25-38 
(Office Action, page 3). Applicant respectfully disagrees. The cited portions of Rogers merely appear to 
disclose a global table and a local table (e.g. "global Environment Table") for checking that variables are 
used consistently. This merely appears to check the local scope and global scope variables to make sure 
that they don't conflict. Rogers fails to even mention any security policies and only a "network policy" is 
disclosed, one that deals with monitoring the state of the network. Network policies are not the same as 
global and local security policies. Even more so, Rogers completely fails to disclose that a local security 
policy is created by selecting a subset of security rules from the global policy, which are applicable to a 
specific application guard, as defined in amended Claim 57. 

Additionally, the cited references also fail to disclose the application guard defined in amended 
Claim 57. In the Office Action, Archibald was cited as disclosing an application guard being integrated 
into an application (Office Action, page 3). Applicant respectfully disagrees. As amended, Claim 57 
defines an application guard that is integrated into an application and controls (guards) access to that 
specific application based on a local security policy. No such functionality is described in any of the cited 
references. At most, Archibald teaches a tariff file embedded in an application (Abstract). This tariff file 
is mere data about the application, such as a digital application identification code (col. 17, lines 45-64). 
However, the application guard of claim 57 is not mere identification data, rather it is an entity 
responsible for allowing/denying access to the application with which it is integrated based on a local 
security policy. 

Archibald also mentions that "a logic diagram indicates steps which are embedded in an 
application" (col. 17, lines 45-47). However, the general concept of embedding data or functionality is 
well known in the art and is quite different from the application guard defined in amended Claim 57. As 
such, Archibald fails to disclose any application guard that guards access to the application with which it 
is integrated based on a received local policy, as defined in amended Claim 57. 

Furthermore, in the Office Action, from four to as many as six references, each dealing with a 
different area of technology, were combined in order to reject the claims of the present Application. For 
example, Archibald does not appear to be concerned with security and instead appears to deal with 
monitoring applications and generating accounting information (Archibald, Abstract). Similarly, Rogers 
completely fails to even mention computer security and is instead concerned with network policies for 
monitoring the network. As such, it would not have been obvious to combine these references with 
Brownlie, Guedalia and/or each other, and doing so would have to be drawn from impermissible 
hindsight, i.e. hindsight reconstruction of the claimed system. In addition, even if these references were 
combined, they would still fail to disclose all of the features of Claim 57, as discussed in the remarks 
above. Applicant respectfully requests that Examiner reconsider the claim rejections. 

Claims 63, 72 and 81 

Claims 63, 72 and 81, while independently patentable, recite limitations that, similarly to those 
described above with respect to claim 57, are not taught, suggested nor otherwise rendered obvious by the 
cited references. Reconsideration thereof is respectfully requested. 

Claims 58, 64, 73, 82 and 90-95 

Claims 58, 64, 73, 82 and 90-95 are not addressed separately, but it is respectfully submitted that 
these claims are allowable as depending from an allowable independent claim, and further in view of the 
comments provided above. Applicant respectfully submits that Claims 58, 64, 73, 82 and 90-95 are 
similarly neither anticipated by, nor obvious in view of the cited references, and reconsideration thereof is 
respectfully requested. 

It is also submitted that these claims also add their own limitations which render them patentable 
in their own right. Applicant respectfully reserves the right to argue these limitations should it become 
necessary in the future. 

IV. Provisional Double Patenting Rejections 

Claims 57, 58, 63, 64, 72, 73, and 81 and 82 were provisionally rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over Claims 1, 6, 11, 16 and 21 of 
co-pending Application No. 11/171,104, in view of Guedalia. Claims 90, 92 and 94 were provisionally 
rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over 
Claims 1, 11, and 21 of copending Application No. 11/171,104 in view of Guedalia, and Archibald as 
applied above and further in view of Luckenbaugh. Claims 91, 93, and 95 were provisionally rejected on 
the ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 90, 92, 
and 94 of copending Application No. 11/171,104 in view of Guedalia, Archibald, and Luckenbaugh as 
applied above and further in view of Balassanian. 

The present Response hereby includes a timely filed terminal disclaimer in compliance with 
C.F.R. 1.321 to overcome the provisional rejection based on nonstatutory double patenting ground. The 
present Application is commonly owned with the co-pending Application No. 11/171,104 and 
accordingly, Applicant respectfully submits that the terminal disclaimer renders moot the nonstatutory 
double patenting rejections. Reconsideration thereof is respectfully requested. 

V. Conclusion 

In view of the above amendments and remarks, it is respectfully submitted that all of the claims 
now pending in the subject patent application should be allowable, and reconsideration thereof is 
respectfully requested. The Examiner is respectfully requested to telephone the undersigned if he can 
assist in any way in expediting issuance of a patent. 

The Commissioner is authorized to charge any underpayment or credit any overpayment to 
Deposit Account No. 06-1325 for any matter in connection with this response, including any fee for 
extension of time, which may be required. 

Respectfully submitted, 

Date: September 10, 2007 By: /Justas Geringson/ 

Justas Geringson 
Reg. No. 57,033 

Customer No.: 23910 
FLIESLER MEYER LLP 
650 California Street, 14th Floor 
San Francisco, California 94108 
Telephone: (415) 362-3800 
Fax: (415) 362-2928 